| author | Jan-Hendrik Willms <tleilax+github@gmail.com> | 2023-12-20 09:53:37 +0100 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+github@gmail.com> | 2024-04-08 14:26:27 +0200 |
| commit | 8142b3f34ba92644acbcac8f0ec974316db80e10 (patch) | |
| tree | e5b85b8b5dc74f17d8dc2fa863018c12b7553377 /app/controllers/admin/login_style.php | |
| parent | bcd76d3c5ac715a33668d4c6611b7be8f11e3404 (diff) | |
implement use image validator service, fixes #3593tic-3593
Diffstat (limited to 'app/controllers/admin/login_style.php')
| -rw-r--r-- | app/controllers/admin/login_style.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/admin/login_style.php b/app/controllers/admin/login_style.php
index 35cd7d8..74cc259 100644
--- a/app/controllers/admin/login_style.php
+++ b/app/controllers/admin/login_style.php
@@ -65,18 +65,22 @@ class Admin_LoginStyleController extends AuthenticatedController
 public function add_pic_action()
 {
 CSRFProtection::verifyRequest();
+
+ $image_validator = app(\Studip\Services\ImageValidator::class);
+
 $success = 0;
 foreach ($_FILES['pictures']['name'] as $index => $filename) {
 if ($_FILES['pictures']['error'][$index] !== UPLOAD_ERR_OK) {
 continue;
 }
- $extension = pathinfo($filename, PATHINFO_EXTENSION);
- $extension = strtolower($extension);
- if (!in_array($extension, ['gif', 'jpeg', 'jpg', 'png'])) {
+ if (!$image_validator->validateName($filename)) {
 continue;
 }
+ $extension = pathinfo($filename, PATHINFO_EXTENSION);
+ $extension = strtolower($extension);
+
 $entry = new LoginBackground();
 $entry->filename = $filename;
 $entry->desktop = Request::int('desktop', 0); |
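Review bot: `validateName($filename)` in the upload loop vets only the client-supplied name from `$_FILES['pictures']['name']`, so within this hunk nothing inspects the uploaded bytes, and a non-image file carrying an allowed extension would pass this gate. Before the `LoginBackground` entry is created, the content should be checked as well, either through the validator service if it offers a content check or with something like `if (!in_array(mime_content_type($_FILES['pictures']['tmp_name'][$index]), ['image/gif', 'image/jpeg', 'image/png'], true)) { continue; }`. `$entry->filename = $filename;` also keeps the client-supplied name unchanged, so it is worth confirming that the storage step further down does not use it as a path. The body of `add_pic_action()` continues past the hunk, so either check may already exist there.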
